Corporate data breaches have seen a spike in recent months, and unfortunately American Express is the latest to join a long list of companies affected by hackers infiltrating their customer’s credit card information. On Monday, AmEx announced that more than 76,000 cardholders in California would be notified of a breach on their accounts after hacktivist group Anonymous Ukraine published their account numbers, card expiration dates, the dates the cards became effective and the four digit codes printed on the front of the cards.
This is a small subset of the 668,000 total AmEx numbers that were part of the 7 million records released by Anonymous Ukraine in March. The majority of card data released was Visa (3.2 million) and MasterCard (1.7 million), with Discover cards being the smallest at 362,000 records. Some of the non-AmEx data released included name, address, SSN, birth date, and even PINs.
Most likely much of the data was not from a new breach but from older breaches as many of the cards had already expired. Furthermore there is speculation that the “real” Anonymous Ukraine group was not involved with the release – no information related to it was posted on their otherwise active “official” Twitter and Facebook accounts, and most of the original discussion regarding the dump occurred on Russian language forums.
Cardholders who suspect they may have been affected should vigilantly monitor their credit and bank accounts for any unauthorized charges, checking each item line by line for even the smallest charges. Fraudsters often issue small charges to confirm the account they have infiltrated is still valid. Consider replacing your card or cards, and request new ones of your most frequently used on a yearly basis moving forward
Sign up for any fraud monitoring and notification services that are available through your card provider, and use strong passwords for online access to your cardholder and banking sites. Do not reuse passwords across multiple sites. Consider a cross platform password manager application to manage all of your sensitive information across all of your devices and computers.
If you have been the victim of this breach, request an Identity Protection PIN (IP PIN) from the IRS by contacting their Identity Protection Specialized Unit. Though AmEx stated Social Security numbers have not been exposed, IP PINS can thwart the common scam of hackers filing tax returns with large refunds using victims’ SSNs. Be wary of any potential phishing scams that can arise through your account post-breach, via email, phone or even postal mail. Lastly, subscribe to a credit or identity monitoring service. If you have been a victim of a breach, a subscription to these services is often provided by the affected company at a reduced or no cost to the cardholder.
Remember that, whether or not you have been affected by a breach, everyone can once a year request and review credit score reports from the “big three agencies” free of charge. You can find more information on this is through the Annual Credit Report website.